Sign-up

ID

VAR-201704-0062


CVE

CVE-2016-10222


TITLE

Safari Technology Preview Distributed by WebKit of JavaScriptCore of runtime/JSONObject.cpp Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2016-008270

DESCRIPTION

runtime/JSONObject.cpp in JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service (segmentation violation and application crash) via crafted JavaScript code that triggers a "type confusion" in the JSON.stringify function. Apple Safari Technology Preview is a browser of Apple (Apple). WebKit is an open source web browser engine developed by the KDE community and is currently used by browsers such as Apple Safari and Google Chrome. A security vulnerability exists in the runtime/JSONObject.cpp file of WebKit's JavaScriptCore in Apple Safari Technology Preview 18

Trust: 1.71

sources: NVD: CVE-2016-10222 // JVNDB: JVNDB-2016-008270 // VULHUB: VHN-88977

AFFECTED PRODUCTS

vendor:applemodel:safariscope:eqversion:18

Trust: 1.6

vendor:applemodel:safariscope:eqversion:technology preview release 18

Trust: 0.8

sources: JVNDB: JVNDB-2016-008270 // CNNVD: CNNVD-201704-177 // NVD: CVE-2016-10222

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-10222
value: HIGH

Trust: 1.0

NVD: CVE-2016-10222
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201704-177
value: MEDIUM

Trust: 0.6

VULHUB: VHN-88977
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-10222
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-88977
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-10222
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-88977 // JVNDB: JVNDB-2016-008270 // CNNVD: CNNVD-201704-177 // NVD: CVE-2016-10222

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-88977 // JVNDB: JVNDB-2016-008270 // NVD: CVE-2016-10222

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-177

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201704-177

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-008270

PATCH
title:チェンジセット 208123 (webkit)url:https://trac.webkit.org/changeset/208123/webkit
Trust: 0.8
title:Bug 164123url:https://bugs.webkit.org/show_bug.cgi?id=164123
Trust: 0.8
title:Apple Safari Technology Preview WebKit Enter the fix for the verification vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74425
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2016-008270 // 
            
            
            
            CNNVD: CNNVD-201704-177

EXTERNAL IDS
db:NVDid:CVE-2016-10222
Trust: 2.5
db:JVNDBid:JVNDB-2016-008270
Trust: 0.8
db:CNNVDid:CNNVD-201704-177
Trust: 0.7
db:VULHUBid:VHN-88977
Trust: 0.1
sources:
            
            
            VULHUB: VHN-88977 // 
            
            
            
            JVNDB: JVNDB-2016-008270 // 
            
            
            
            CNNVD: CNNVD-201704-177 // 
            
            
            
            NVD: CVE-2016-10222

REFERENCES
url:http://trac.webkit.org/changeset/208123
Trust: 1.7
url:https://bugs.webkit.org/show_bug.cgi?id=164123
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10222
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2016-10222
Trust: 0.8
sources:
            
            
            VULHUB: VHN-88977 // 
            
            
            
            JVNDB: JVNDB-2016-008270 // 
            
            
            
            CNNVD: CNNVD-201704-177 // 
            
            
            
            NVD: CVE-2016-10222

SOURCES
db:VULHUBid:VHN-88977
db:JVNDBid:JVNDB-2016-008270
db:CNNVDid:CNNVD-201704-177
db:NVDid:CVE-2016-10222

LAST UPDATE DATE
2025-04-20T23:25:05.439000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-88977date:2017-04-11T00:00:00
db:JVNDBid:JVNDB-2016-008270date:2017-05-09T00:00:00
db:CNNVDid:CNNVD-201704-177date:2017-09-06T00:00:00
db:NVDid:CVE-2016-10222date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-88977date:2017-04-03T00:00:00
db:JVNDBid:JVNDB-2016-008270date:2017-05-09T00:00:00
db:CNNVDid:CNNVD-201704-177date:2017-04-03T00:00:00
db:NVDid:CVE-2016-10222date:2017-04-03T05:59:00.487